secure_comparison.initiator module

Initiator of protocol, i.e. performs step 1. Alice; A in the paper.

class secure_comparison.initiator.Initiator(l_maximum_bit_length, communicator=None, other_party='', scheme_paillier=None, scheme_dgk=None, session_id=0)[source]

Bases: object

Player Alice in the secure comparison protocol, initiates.

__init__(l_maximum_bit_length, communicator=None, other_party='', scheme_paillier=None, scheme_dgk=None, session_id=0)[source]
Parameters:

  • l_maximum_bit_length (int) – maximum bit length used to constrain variables ($l$).

  • communicator (Communicator | None) – object for handling communication with the KeyHolder during the protocol.

  • other_party (str) – identifier of the other party

  • scheme_paillier (Paillier | None) – Paillier encryption scheme (without secret key).

  • scheme_dgk (DGK | None) – DGK encryption scheme (without secret key).

  • session_id (int) – keeps track of the session.

async perform_secure_comparison(x, y)[source]

Performs all steps of the secure comparison protocol for Alice. Performs required communication with Bob.

Parameters:

  • x (PaillierCiphertext | float) – first (encrypted) input variable $x$ or $[[x]]$.

  • y (PaillierCiphertext | float) – second (encrypted) input variable $y$ or $[[y]]$.

Return type:

PaillierCiphertext

Returns:

Encrypted value of $(x<=y)$: $[[(x<=y)]]$.

Raises:

ValueError – raised when communicator is not properly configured.

async receive_encryption_schemes(session_id=1)[source]

Receives encryption schemes Paillier and DGK (without secret keys) from Bob.

Parameters:

session_id (int) – distinguish communication different sessions.

Raises:

  • ValueError – raised when communicator is not properly configured.

  • ValueError – raised when received scheme is different from readily initialized scheme.

Return type:

None

property scheme_dgk: DGK

DGK scheme of the initiator.

Raises:

ValueError – No scheme available.

Returns:

DGK scheme.

property scheme_paillier: Paillier

Paillier scheme of the initiator.

Raises:

ValueError – No scheme available.

Returns:

Paillier scheme.

static shuffle(values)[source]

Shuffle the list in random order.

Parameters:

values (list[Any]) – List of objects that is to be shuffled.

Return type:

list[Any]

Returns:

Shuffled version of the input list.

static step_1(x_enc, y_enc, l, scheme_paillier)[source]

$A$ chooses a random number $r, 0 leq r < N$, and computes $$[[z]] leftarrow [[y - x + 2^l + r]] = [[x]] cdot [[y]]^{-1} cdot [[2^l + r]] mod N^2.$$

Parameters:

  • x_enc (PaillierCiphertext) – Encrypted value of $x$: $[[x]]$.

  • y_enc (PaillierCiphertext) – Encrypted value of $y$: $[[y]]$.

  • l (int) – Fixed value, such that $0 leq x,y < 2^l$, for any $x$, $y$ that will be given as input to this method.

  • scheme_paillier (Paillier) – Paillier encryption scheme.

Return type:

tuple[PaillierCiphertext, int]

Returns:

Tuple containing as first entry the encrypted value of $z$: $[[z]] leftarrow [[y - x + 2^l + r]] = [[y]] cdot [[x]]^{-1} cdot [[2^l + r]] mod N^2$. The second entry is the randomness value $r$.

static step_3(r, l)[source]

$A$ computes $alpha = r mod 2^l$.

Parameters:

  • r (int) – The randomness value $r$ from step 1.

  • l (int) – Fixed value, such that $0 leq x,y < 2^l$, for any $x, y$ that will be given as input to this method.

Return type:

list[int]

Returns:

Value $alpha = r mod 2^l$ as bits.

static step_4c(d_enc, r, scheme_dgk, scheme_paillier)[source]

$A$ corrects $[d]$ by setting $[d] leftarrow [0]$ whenever $0 leq r < (N - 1)/2$.

Parameters:

  • d_enc (DGKCiphertext) – Encrypted value of $d$: $[d]$.

  • r (int) – The randomness value $r$ from step 1.

  • scheme_dgk (DGK) – DGK encryption scheme.

  • scheme_paillier (Paillier) – Paillier encryption scheme.

Return type:

DGKCiphertext

Returns:

Corrected encrypted value of $d$: $[d]$. If $0 leq r < (N - 1)/2$, then $[d] leftarrow [0]$, else $[d]$ remains unaltered.

static step_4d(alpha, beta_is_enc)[source]

For each $i, 0 leq i < l$, $A$ computes $[alpha_i oplus beta_i]$ as follows: if $alpha_i = 0$ then $[alpha_i oplus beta_i] leftarrow [beta_i]$ else $[alpha_i oplus beta_i] leftarrow [1] cdot [beta_i]^{-1} mod n$.

Parameters:

  • alpha (list[int]) – The value $alpha$ from step 3.

  • beta_is_enc (list[DGKCiphertext]) – List containing the encrypted values of $beta_i$: $[beta_i], 0 leq i < l$.

Return type:

list[DGKCiphertext]

Returns:

List containing the encrypted values of the bits $alpha_i oplus beta_i$: $[alpha_i oplus beta_i], 0 leq i < l$.

static step_4e(r, alpha, alpha_is_xor_beta_is_enc, d_enc, scheme_paillier)[source]

A computes $tilde{alpha} = (r - N) mod 2^l$, the corrected value of $alpha$ in case a carry-over actually did occur and adjusts $[alpha_i oplus beta_i]$ for each $i$: If $alpha_i = tilde{alpha}_i$ then $[w_i] leftarrow [alpha_i oplus beta_i]$ else $[w_i] leftarrow [alpha_i oplus beta_i] cdot [d]^{-1} mod n$

Parameters:

  • r (int) – The randomness value $r$ from step 1.

  • alpha (list[int]) – The value $alpha$ from step 3.

  • alpha_is_xor_beta_is_enc (list[DGKCiphertext]) – List containing the encrypted values of the bits $alpha_i oplus beta_i$: $[alpha_i oplus beta_i], 0 leq i < l$.

  • d_enc (DGKCiphertext) – Encrypted value of $d$: $[d]$.

  • scheme_paillier (Paillier) – Paillier encryption scheme.

Return type:

tuple[list[DGKCiphertext], list[int]]

Returns:

Tuple containing as first entry a list containing the encrypted values of the bits $w_i$: $[w_i], 0 leq i < l$. The second entry is the value $tilde{alpha} = (r - N) mod 2^l$ as bits.

static step_4f(w_is_enc)[source]

For each $i, 0 leq i < l$, $A$ computes $[w_i] leftarrow [w_i]^{2^i} mod n$ such that these values will not interfere each other when added.

Parameters:

w_is_enc (list[DGKCiphertext]) – List containing the encrypted values of the bits $w_i$: $[w_i], 0 leq i < l$.

Return type:

list[DGKCiphertext]

Returns:

List containing the encrypted values of the bits $w_i$: $[w_i], 0 leq i < l$.

static step_4g()[source]

$A$ chooses a uniformly random bit $delta_A$ and computes $s = 1 - 2 cdot delta_A$.

Return type:

tuple[int, int]

Returns:

Tuple containing as first entry the value $s = 1 - 2 cdot delta_A$. The second entry is the value $delta_A$.

static step_4h(s, alpha, alpha_tilde, d_enc, beta_is_enc, w_is_enc, delta_a, scheme_dgk)[source]

For each $i, 0 leq i < l$, $A$ computes $[c_i] = [s] cdot [alpha_i] cdot [d]^{tilde{alpha}_i-alpha_i} cdot [beta_i]^{-1} cdot (Pi^{l-1}_{j=i+1}[w_j])^3 mod n$. We add an additional value $[c_{-1}]$, with $c_{-1}=delta_A + Sigma^{l-1}_{i=0}(x_i oplus y_i)$ to also make the scheme work in case of equality of $x$ and $y$.

Parameters:

  • s (int) – The value $s$ from step 4g.

  • alpha (list[int]) – The value $alpha$ from step 3.

  • alpha_tilde (list[int]) – The value $tilde{alpha}$ from step 4e.

  • d_enc (DGKCiphertext) – Encrypted value of $d$: $[d]$.

  • beta_is_enc (list[DGKCiphertext]) – List containing the encrypted values of the bits $beta_i$: $[beta_i], 0 leq i < l$.

  • w_is_enc (list[DGKCiphertext]) – List containing the encrypted values of the bits $w_i$: $[w_i], 0 leq i < l$.

  • delta_a (int) – The value $delta_A$ from step 4g.

  • scheme_dgk (DGK) – DGK encryption scheme.

Return type:

list[DGKCiphertext]

Returns:

List containing the encrypted values of the bits $c_i$: $[c_i] = [s] cdot [alpha_i] cdot [d]^{tilde{alpha}_i-alpha_i} cdot [beta_i]^{-1} cdot (Pi^{l-1}_{j=i+1}[w_j])^3 mod n, 0 leq i < l$.

static step_4i(c_is_enc, scheme_dgk, do_shuffle=True)[source]

$A$ blinds the numbers $c_i$ by raising them to a random non-zero exponent $r_i in {1,ldots,u-1}$.

Parameters:

  • c_is_enc (list[DGKCiphertext]) – List containing the encrypted values of the bits $c_i$: $[c_i], 0 leq i < l$.

  • scheme_dgk (DGK) – DGK encryption scheme.

  • do_shuffle (bool) – Boolean parameter stating whether or not the bits should be shuffled randomly.

Return type:

list[DGKCiphertext]

Returns:

List containing the encrypted values of the masked bits $c_i$: $[c_i], 0 leq i < l$.

static step_6(delta_a, delta_b_enc)[source]

$A$ computes $[[(beta < alpha)]]$ as follows: if $delta_A = 1$ then $[[(beta < alpha)]] leftarrow [[delta_B]]$ else $[[(beta < alpha)]] leftarrow [[1]] cdot [[delta_B]]^{-1} mod N^2$.

Parameters:

  • delta_a (int) – The value $delta_A$ from step 4g.

  • delta_b_enc (PaillierCiphertext) – Encrypted value of $delta_B$: $[[delta_B]]$.

Return type:

PaillierCiphertext

Returns:

Encrypted value of $(beta < alpha)$: $[[(beta < alpha)]]$.

static step_7(zeta_1_enc, zeta_2_enc, r, l, beta_lt_alpha_enc, scheme_paillier)[source]

$A$ computes $[[(x leq y)]] leftarrow [[zeta]] cdot ([[ r div 2^l]] cdot [[(beta < alpha)]])^{-1} mod N^2$, where $zeta = zeta_1$, if $r < (N - 1) / 2$, else $zeta = zeta_2$.

Parameters:

  • zeta_1_enc (PaillierCiphertext) – Encrypted value of $zeta_1$: $[[zeta_1]]$.

  • zeta_2_enc (PaillierCiphertext) – Encrypted value of $zeta_2$: $[[zeta_2]]$.

  • r (int) – The randomness value $r$ from step 1.

  • l (int) – Fixed value, such that $0 leq x,y < 2^l$, for any $x, y$ that will be given as input to this method.

  • beta_lt_alpha_enc (PaillierCiphertext) – Encrypted value of $(beta < alpha)$: $[[(beta < alpha)]]$.

  • scheme_paillier (Paillier) – Paillier encryption scheme.

Return type:

PaillierCiphertext

Returns:

Encrypted value of $(x leq y)$: $[[(x leq y)]]$. This is the final result of the computation.